Saturday, March 31, 2007

The biggest hit I have been seeing here at Security Garden the past few days was when I updated Windows Vista Bookmarks to include additional links on ReadyBoost. I had already made note to add the InformationWeek article, ReadyBoost: Better Windows Vista Performance In A Flash, from a couple of days ago. However, after receiving a question at one of the forums I frequent about RAM for Windows Vista, I decided to see what other reputable resources are available for Windows Vista users. I discovered sufficient reference material for ReadyBoost for it to justify a page all to itself. The dozen additions were added to the original collection.

Of particular interest for anyone considering ReadyBoost is the bookmarked Microsoft Windows Help and How-To topic which indicates that the recommended amount of memory to use for ReadyBoost acceleration is one to three times the amount of RAM installed. The example provided there is with a computer having 512 megabytes (MB) of RAM, plugging in a 4 gigabyte (GB) USB flash drive and setting aside from 512 MB to 1.5 GB of that drive will offer the best performance boost.

Friday, March 30, 2007

A very timely reminder from Mary Jo Foley about this Sunday. It will indeed be an "April Fools Day" surprise to users who have not installed the Microsoft updates and instead manually adjusted the time on their computer. If you fall within this group, I suggest that you download the appropriate Microsoft update. Go to http://www.microsoft.com/dst2007 for more information.

Thursday, March 29, 2007

There has been a fair amount of discussion on the browser war. In Has IE 7 turned back Firefox? it appears that the controversy continues, with a management consulting firm saying that the growth of Firefox has slowed in favor of IE7. The linked article reports that a web metrics company immediately disputed the conclusion, saying that IE7's introduction has helped Firefox rather than the other way around.

Not that Security Garden is a "major player", I do check the analytics on occasion. Until I published the article last night with IE7 in the title, it was exactly even with IE7 and Firefox 2.0 sharing an equal 32% of the readership here. However, that article upped the percentage to 39% for IE7. On that note, I have made some additional updates to the Internet Explorer 7 page.

Another popular bookmark page is ReadyBoost. That has also had an addition as have the other pages listed below.

I have yet to figure out the problem, but I see that Windows Vista Bookmarks is not rendering correctly in IE7. It is fine in Firefox and IE6 but there is a huge space before the first bookmark sections in IE7.

When I was looking to "remodel" the bookmark site, I checked out Windows Spaces Live and Word Press. There were too many advertisements on Windows Spaces Live to suit me. Word Press also had a rendering problem with IE7.

Although I really like the look, particularly the simplicity of Windows Vista Bookmarks, I may have to find yet another new template. In the meantime, if you use IE7, you will have to scroll down the page to see the most recently updated section.

Edit Note: In the template I used for development, I noticed that the most recent post did not show in IE7, apparently taking up the large white space. I published a test post with only a title and that moved the rest of the posts up the page. After repeating the process in "production" in Windows Vista Bookmarks with a blank post entitled, "Welcome to Windows Vista Bookmarks", the white space was substantially reduced in IE7. The Welcome post does not show in IE7 but is visible in other browsers. Very strange.

Microsoft Security Advisory (935423) relates to a vulnerability in Windows Animated Cursor Handling. According to the Advisory, Microsoft is investigating new public reports of targeted attacks exploiting a vulnerability in the way Microsoft Windows handles animated cursor (.ani) files.

Please note that for this attack to work, a user must either visit a Web site that contains a Web page that is used to exploit the vulnerability or view a specially crafted e-mail message or e-mail attachment sent to them by an attacker.

So, what is the warning again? Practice safe surfing, do not open e-mails from strangers or attachments.

Windows Live OneCare has already been updated and the information will be shared with Microsoft Security Response Alliance partners so that their detection can be up to date to detect and remove attacks.

Customers in the U.S. and Canada who believe they are affected can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site.

I was quite impressed with the quality of the image in the email in my Inbox. The subject of the email is "Internet Explorer 7 Downloads" and the sender is shown as admin@microsoft.com. The image is great, very realistic looking. The only problem is that when you mouse over the original image the address is not, of course, a Microsoft address.

If you receive an email like this do NOT click on the image!

Microsoft does NOT send beta or other software download links via email.

IE7 was just released. There is no beta program.

Mousing over the image shows a non-Microsoft address.

I submitted the full header information and URL to appropriate forces, including CastleCops. I see that Alex Eckelberry reported in the SunBeltBLOG that the payload is a trojan and "Antivirus coverage is mediocre."
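The mouse-over check described above can be automated for a saved message. The following is an added example, not code from this blog or from Microsoft: it lists every link in an HTML e-mail whose host lies outside the domain shown in the From: header, and notes whether the link wraps an image. The sample message is constructed, and the example.net hosts are placeholders.

```python
"""Flag links in an HTML e-mail whose host is outside the From: domain."""
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not the real e-mail). Sender and subject are the
# ones quoted in the post; the example.net hosts are placeholders.
SAMPLE = """\
From: Microsoft <admin@microsoft.com>
Subject: Internet Explorer 7 Downloads
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body>
<a href="http://downloads.example.net/ie7/"><img src="banner.gif" alt="Download IE7"></a>
<p>See <a href="http://www.microsoft.com/ie">microsoft.com</a> or
<a href="http://www.microsoft.com.example.net/">this mirror</a>.</p>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collect each <a href> and record whether it wraps an <img>."""

    def __init__(self):
        super().__init__()
        self.links = []      # [{"href": str, "wraps_image": bool}, ...]
        self._open = None    # the <a> element currently open, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._open = {"href": attrs["href"], "wraps_image": False}
            self.links.append(self._open)
        elif tag == "img" and self._open is not None:
            self._open["wraps_image"] = True

    def handle_endtag(self, tag):
        if tag == "a":
            self._open = None


def host_in_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    domain = domain.lower()
    # Matching on ".domain" rejects look-alikes such as
    # www.microsoft.com.example.net and notmicrosoft.com.
    return host == domain or host.endswith("." + domain)


def find_mismatched_links(raw_message):
    """Return (sender_domain, [(host, wraps_image), ...]) for foreign links."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        charset = part.get_content_charset() or "utf-8"
        html = part.get_payload(decode=True).decode(charset, errors="replace")
        collector = LinkCollector()
        collector.feed(html)
        for link in collector.links:
            url = urlsplit(link["href"])
            if url.scheme not in ("http", "https") or not url.hostname:
                continue  # mailto:, cid:, relative links and the like
            if not host_in_domain(url.hostname, sender_domain):
                findings.append((url.hostname, link["wraps_image"]))
    return sender_domain, findings


if __name__ == "__main__":
    domain, findings = find_mismatched_links(SAMPLE)
    for host, wraps_image in findings:
        kind = "image link" if wraps_image else "text link"
        print(f"From: claims {domain}, but {kind} points to {host}")
```

The From: header is itself under the sender's control, so a clean result here proves nothing about the message; a mismatch is the useful signal.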

Wednesday, March 28, 2007

WinHelp2002 posted a tip for systems with 2GB Memory or less that will result in an improvement with ReadyBoost.

You should dedicate a (approved) USB Flash Drive and just leave it plugged in ... in other words there is no need to use the "Safely Remove Hardware" icon in the system tray, even though it exists. This allows you to reboot or shut down the system and Windows will remember and set it up on the next restart.

Tuesday, March 27, 2007

A contact at Microsoft put me in touch with the appropriate people at AOL this morning - an advertising tech lead and a gentleman involved in policy and compliance. Thanks to a network capture that I gave to AOL they were finally able to track down the rogue advertiser who had infiltrated the AOL ad network to serve up winfixer malware advertisements and shut the ads down.

Once the guys at AOL and I actually hooked up, it only took a few hours to get the account shut down. Damned if I know why it took so long for us to connect, but it did.

AOL's official statement on the incident is:

"We use a wide range of technical and policy measures to prevent malware distributors from placing advertisements on our networks, but apparently one was able to circumvent those measures. We have blocked this ad campaign and [are] working with our technical and legal teams to take additional steps to block similar issues in future."

My good friend Patrick Jordan, aka Webhelper, has just finished adding 342 sites to the CWS Sites List. For a complete list including older sites and records, see his CWS (CoolWebSearch) list in spreadsheet format.

With Matousec's icon system, I picked out all of the firewalls that run on Windows Vista and included whether they support 64 bit. The firewalls are separated between Free, Free and Full-Feature Pay Versions and Pay Versions only. Vista Security Features

Install this update to resolve an issue where an error message is received when placing a Windows Vista system into a sleep state while a PPP connection is active. After you install this item, you may have to restart your computer.

This update is provided to you and licensed under the Windows Vista License Terms.

Saturday, March 24, 2007

It seems that every time I refresh a page or take "one last look at the feed list", I find something new to bookmark or a page that needs a bit of sprucing. This time it was a find at Michael Howard's Web Log -- A Real-world Windows Vista BitLocker Tip.

The Unofficial Windows Vista Weblog is a good source of information. The site is recognized by Microsoft as a Windows Vista Community Blog and has been included in my feed list for a while.

Today I found a great tutorial via Milo at Windows Vista Weblog from VistaRewired for speeding up the Windows Vista Defrag tool and added it to the growing list of Vista Features and Tutorials.

Note: Many people are of the opinion that it is unnecessary to defrag NTFS systems. Granted, unlike the earlier Windows operating systems, NTFS systems do not require frequent defragging. However, if you notice the system getting a bit "sluggish", particularly after heavy add/remove activities, running the defrag tool or the tools in the VistaRewired tutorial may help return the computer to its earlier zippy state.

While at WindowsNow, I located a working link to HOW-TO: Switch to Windows Vista 64-bit painlessly by Kristan Kenney. I had read a leader to his tutorial at another site, but the link didn't work. I was so happy to finally have Kristan's tutorial that I (finally) completed the revision of the Features and Tutorials bookmark page. I hadn't been happy with the presentation. It seems much easier to locate bookmarks on that page now.

I saw a demonstration of the Kodak EasyShare 5300 All-in-One Printer yesterday and, let me tell you, it is sweet! For a home or small business printer it is hard to beat $199.99 to get 32 ppm (pages per minute) for black and 22 for color prints. But that isn't all.

The printer has a built in tray for 4 X 6 inch prints, a high-definition scanner which can, of course, be used as a copier. For the super-geeks, the Kodak EasyShare 5300 is also BLUETOOTH® Wireless Technology-enabled. With memory card slots and a 3-inch color LCD display for editing/cropping digital images at the printer you're almost there.

That isn't all. The price for ink cartridges is unbeatable. The color ink cartridge is only $14.99, black ink cartridge $9.99 or a package deal of $21.99 for both black and color ink cartridges!

I can only speculate that Kodak is not leveraging the fact that the EasyShare printers are compatible across all operating system platforms because the printers are flying off the shelves faster than they can be made. That is right -- ALL platforms, including the Mac and Windows Vista.

But, I am not finished yet. Behind the fast printing, flexible, multi-function printers is something else -- something that I am extremely proud of -- Kodak technology created by Kodak people. There are not nearly as many of *us* left as in years past, but just look at what *we* are doing to provide an economical means for preserving your every Kodak Moment!

The March 2007 Windows Vista Application Compatibility Update is a package of software updates that address common application compatibility issues in Windows Vista. When you try to install and run certain legacy games or applications in Windows Vista, you may experience one or more of the following symptoms:

The game, the application, or the firmware may not be installed correctly.

The game, the application, or the firmware may cause system instability.

The primary functions of the game, the application, or the firmware may not work correctly.

This update is cumulative and supersedes update 929427. (This update also includes fixes that are contained in update 929427.) In addition to the fixes that are contained in update 929427, this update improves support in Windows Vista for the following games, applications, and firmware:

Note After you install this update, a CD device or a DVD device may not work correctly. If you select the device in Device Manager and then view the properties for the device, you may receive the following error message:

The software for this device has been blocked from starting because it is known to have problems with Windows. Contact the hardware vendor for a new driver. (Code 48)

This problem occurs because a legacy application may install drivers that are incompatible with Windows Vista.

For more information about how to work around this problem, click the following article number to view the article in the Microsoft Knowledge Base:

314060 You can no longer access the CD drive or the DVD drive, or you receive an error message after you remove a CD recording program or a DVD recording program in Windows XP: "error code 31"

I have been doing more bookmark "remodeling", including many new additions. As much as I would like the authors to know I have created links to their work as well as provide appropriate "hat tips", I was making so many changes that I will apologize up front if I missed anyone. It is not intentional.

The Vista Security Features bookmarks are now separated in a more comprehensive manner. (Hat tip to Donna's post which served as inspiration for the new format.) In addition to quite a few Microsoft links, the following non-Microsoft additions were included:

An excellent collection that I discovered is the Office UI Bible by Microsoft MVP Patrick Schmid. It is essentially the equivalent of Windows Vista Bookmarks, but strictly for Office. It is a compilation of the MSDN blog posts by Jensen Harris, Program Manager of the Office UI Team.

Proxy settings in the browser need to be disabled when using a router as the gateway for the Internet connection. Although I did not find instructions for disabling proxy settings in Opera, below are instructions for Firefox and IE.

Monday, March 19, 2007

Edit Note: When I originally drafted this post, I debated whether I wanted to include a link with instructions on how to disable Vista UAC. At the time I decided to go ahead. After reading George Ou's comment today, I have to admit that I agree with him and have removed that link.

"If Vista UAC really bothers you that much, you can turn Vista UAC off and simply accept the risk of running with full administrative privileges. I’m not going to link to any tutorials on disabling UAC because anyone who can’t figure out how to turn off UAC probably shouldn’t be turning it off in the first place. I’m sorry if that sounds blunt; but I don’t want to give any advice that endangers anyone’s PC."

There is a lot more at VistaRewired, which is why the site has been bookmarked in Reviews and Collections. The individual tutorials are linked below. Perhaps when time allows (!), I will break those links down further into suitable bookmark pages. In the meantime, there is a lot of information at VistaRewired:

Sunday, March 18, 2007

To be specific, the infamous Norwich Bulletin went on to show as a subtitle, "Failure to protect children is the crime".

Do you know what is a crime? The Norwich Bulletin and the people of Connecticut who put up with completely unconscionable reporting and editorializing. IMO, the Norwich Bulletin is exemplifying the very worst that journalism has to offer.

"Apply this update if you experience one or more of the following issues after you resume a Windows Vista-based computer from sleep or from hibernation:

A device stops responding (hangs) or stops working correctly. There may be a yellow exclamation mark next to the device in Device Manager. Or, the device may not appear in Device Manager. The device may be a fingerprint reader, a Windows Media Center remote control, an optical drive, a FeliCa reader, or some other device.

After you resume the computer, you use the Safely Remove Hardware option to remove a device on a portable Windows Vista-based computer. However, in this situation, you cannot reconnect the device. After this issue occurs, the computer may stop responding when you try to shut it down or to perform a restart.

A device such as a fingerprint reader is not available for use at the Welcome screen.

The LED lights that represent NUM LOCK, CAPS LOCK, and SCROLL LOCK functionality on a universal serial bus (USB) keyboard do not assume their pre-sleep or pre-hibernation status after the computer resumes. Additionally, these lights now remain off, regardless of the status of the corresponding keys.

You receive an error message that states that a device does not meet the Logo requirements.

This update also addresses two issues in which you may receive a Stop error message that resembles one of the following.

Error message 1: STOP 127 PAGE_NOT_ZERO_NVIDIA_USB

This error occurs on a Windows Vista-based computer that uses 2 gigabytes (GB) or more of RAM and an nVidia nForce EHCI controller.

This error occurs because of a race condition in the Usbhub.sys driver. This condition occurs if a USB device driver tries to enter a selective suspend state when a previously canceled selective suspend request has not yet been fully processed."

Shortly thereafter, I saw ComputerDefense.org Outbound Rules List, by HTRegz. It is the start of a list of outbound rules for “standard” applications and default install locations that can be imported into the Windows Vista Firewall. The imported list is used to configure outbound filtering without the need to configure each program individually. HTRegz is

"more than willing to create additions to the list (assuming I know the software to be “safe”)"

I suggested a few software programs that came to mind. If you have suggestions of others to be added, post them as a comment to HTRegz' Outbound Rules List. Just tell him Corrine sent you.

Friday, March 16, 2007

When the first report was issued that Windows Live One Care failed an antivirus test, I was more upset that we had no statements, updates, or any type of information from the Microsoft Anti-Malware Team in many months, let alone any comment, explanation, or path forward with regard to the test results. After all, veteran McAfee failed the same test.

A short time ago, however, I had a wonderful surprise when I decided a check of my RSS feeds would be a good companion to the New England Clam Chowder that I picked up from the cafeteria for lunch. There before me was (finally) an indication of a new entry in the Microsoft Anti-Malware Engineering Team blog!

Jimmy Kuo, Microsoft Security Research & Response team (MSRR), addresses the concerns raised with regard to the detection capability of Windows Live OneCare. What I particularly like about Jimmy Kuo's post is that it is in "normal English", not "Geek-Speak". This is important to me because my focus is on the home PC user -- the very people who are likely to consider Windows Live OneCare for their computer. I can point to his explanation with confidence that my readers will not get lost after the first sentence.

That said, without further ado, I encourage taking a few minutes to read "Hello World" by Jimmy Kuo.

Update: Although MIA since the end of January, the Windows Live OneCare blog team has also posted today. See Update from OneCare. I hope we are seeing a comeback.

Thursday, March 15, 2007

Power to the people! Well, ok, power to Robert McLaws! Major kudos as well!

What happened? It's this simple. Through interaction with someone who contacted him, Robert realized there was an apparent error in the Vista EULA (End User License Agreement) for Anytime Upgrade providing a limit of one transfer after running an Anytime Upgrade of Home Premium to Ultimate. Rather than ignoring the issue, Robert contacted Microsoft, calling the error to their attention.

Wednesday, March 14, 2007

It was just the end of January when the security community was excitedly reporting the precedent set in a groundbreaking anti-malware settlement. Cingular Wireless LLC, Priceline.com and Travelocity.com agreed to discontinue serving up spyware in their advertisements. It wasn't the dollar amount of the settlement that caused the excitement but rather that there was finally a legally binding agreement in the Assurances of Discontinuance (PDF).

Unfortunately, it appears that agreement has not meant much to Cingular and Travelocity.

"Cingular and Travelocity continue to receive spyware-originating traffic, including traffic from some of the web's most notorious and most widespread spyware, in direct violation of their respective Assurances of Discontinuance. That said, Priceline seems to have succeeded in substantially reducing these relationships -- suggesting that Cingular and Travelocity could do better if they put forth appropriate effort."

Tuesday, March 13, 2007

The Windows Vista Support Team has published two Knowledge Base (KB) articles with helpful information on upgrading and/or installing Windows Vista from a Windows 2000 or Windows XP machine.

A third KB article published describes how to perform a custom installation of Windows Vista to work around upgrading versions of Microsoft Windows XP to Windows Vista because of language pack issues between the two products.

The Windows Ultimate Team announced today that the Windows DreamScene Content Pack is now available in a preview version in Windows Update. Four videos are included:

A field of thistle, with a bee gathering pollen

The rushing water of a forest stream

A streetlamp reflected in a puddle, with softly falling rain

Orange wisps flowing in a computer-generated scene

Please note, however, that the preview version is a pre-release and, thus, unsupported. If Windows DreamScene Preview is installed, go to Windows Update and "Check for updates". The Content Pack is listed as an Ultimate Extra.

Windows Vista Bookmarks, Customizing Vista, has been updated to include the Content Pack and the DreamScene FAQ's.

Monday, March 12, 2007

No, I didn't get lost in the time change. Automatic updates properly adjusted the time on my computer, cell phone, pager and cable.

I forget how many clocks we have in the house until it is time to set them ahead or back -- stove, microwave, coffee pot, thermostat, VCR, DVD, grandfather clock, mantle clock, wall clocks, alarm clocks, watches . . . the list seems to grow every year.

As much as I would have liked to, unfortunately, I was not boarding a plane for Redmond along with approximately 1900 other Microsoft MVP's, including many of my "on-line friends". Perhaps I'll be able to attend the next MVP Summit.

So, what kept me away from blogging this weekend? I decided to do a bit of remodeling of Windows Vista Bookmarks. I tried WordPress but the poor rendering in IE of the templates that fit my purpose was unacceptable. So I looked around again at Blogger templates and found K2. I selected it for its clean lines, created my own custom header, removed extras and there you have it. I think it came out pretty good. What about you?

Friday, March 09, 2007

For many years, a favorite resource for computer users the world over has been Black Viper. Black Viper turned off his web server almost two years ago but has now brought it back up and will be getting back into it. Yes, that includes Windows Vista. Black Viper reports that he has been using Windows Vista a few months and will be including Vista on his site in due time.

Thursday, March 08, 2007

As of today, no new Security Bulletins are scheduled for release on 13 March 2007. Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool but no security updates are scheduled.

There will, however, be several Non-security High Priority updates on MU, WU, WSUS and SUS:

Wednesday, March 07, 2007

I really thought I was finished posting updates on Daylight Saving Time for a while but something else came my way today. Although I provided instructions for using tzedit.exe, the time Zone edit utility, Blake Handler posted information on unofficial Daylight Saving Time patches for Windows 98, NT, Me and 2000 in The Road to Know Where:

Description

Georgi Guninski discovered a potential integer overflow in the code that handles mail formatted as text/enhanced or text/richtext. This could in turn lead to a buffer overflow and potential code execution.

To exploit this flaw a malicious mail message would have to include a line more than 400 megabytes long. Many mail systems have storage quotas and transport filters that would prevent a message of that size from reaching its destination, but should the message get through its size would provide more than sufficient space for a payload.

Workaround

Do not open mail messages that are megabytes in size unless the sender is someone you know and from whom you were expecting that specific mail. Delete the message without opening it by shutting the view pane (F8, or from the "View | Layout" menu) before selecting the message in the thread pane and then deleting.

Description

moz_bug_r_a4 reports that the fix for MFSA 2006-72 in Firefox 1.5.0.9 and Firefox 2.0.0.1 introduced a regression that allows scripts from web content to execute arbitrary code by setting the src attribute of an IMG tag to a specially crafted javascript: URI.

The same regression also caused javascript: URIs in IMG tags to be executed even if JavaScript execution was disabled in the global preferences. This facet was noted by moz_bug_r_a4 and reported independently by Anbo Motohiko.

Thunderbird is not affected by this flaw as it will not execute javascript: URIs in IMG tags.

Workaround

Upgrade to a version containing the fix. Disabling JavaScript does not protect against this flaw.

What UAC does do is enable running a computer with Windows Vista installed as a standard user. The result of this is important. By following the recommendation to keep UAC running, the computer is significantly less vulnerable since currently most malware requires administrator privileges.

Does running as a standard user protect against the computer operator allowing installations? Absolutely not. However, it is certainly hoped that the average computer user will recognize the difference between an unexpected request for elevated privilege and a request when intentionally installing software.

For an in-depth look at User Account Control for Windows Vista, tune in to the Channel 9 interview of Jon Schwartz, UAC Architect, and Chris Corio, UAC Technical Program Manager, where they tackle UAC from various angles:

1) What problems does UAC attempt to solve?
2) How does UAC actually work?
3) Why did we implement UAC UI to be so aggressive, from a user experience point of view?
4) How will UAC evolve?

Monday, March 05, 2007

It certainly isn't taking long to come up with new additions to Windows Vista Bookmarks. It seems that as soon as I send out notice of the most recent updates, I find others. To keep my confusion to a minimum and also so the update notices aren't too long, I'll continue sending an update after getting a few. I am also updating the post date when adding a new bookmark which will bump the post to the top of the queue.

"Andre is excellent at writing extremely useful and comprehensive FAQ's and I've used him as a resource for directing folks to the right information - especially with Windows Vista and Office 2007. Andre is also responsible for ActiveWin's 70+ page Windows Vista Review. You should check that out too."

ActiveWin's review has long been bookmarked and now Andre Da Costa's updated FAQ/Quick Start Guide has also been bookmarked in Reviews and Collections.

Windows Vista User Guide: "This site contains information about the various editions of Windows Vista, from Windows Vista starter to Windows Vista Ultimate Edition. Details on pricing and feature comparisons can also be found as well as methods of upgrading your current pc running Windows XP to Windows Vista will be detailed in easy to follow steps and plenty of screenshots to explain the exact procedures on how to upgrade."

While you are at Windows Vista User Guide, check out the collection of Windows Vista Screenshots, a gallery of all the applications within Windows Vista.

I came by this gadget via VistaJuice. The following description is from the download page:

"Similar to the MS Slide Show Gadget, but also changes your desktop wallpaper at set intervals. It also allows more scaling options that Vista supports by default, such as "Maintain aspect ratio" and "Crop to fit screen". If you don't want the slide show, you can set it to "preview next wallpaper" instead. Any issues, please visit the Gadget home page on www.aeroxp.org"

Kurt Shintaku was inspired to follow through on the above tutorial by Josh's post on Creating A Bootable WinPE 2.0 USB Key. He created step-by-step instructions, some of which was adapted from Josh's instructions.

Where Daylight Saving Time used to "spring ahead" on the first Sunday in April and "fall back" on the last Sunday in October, the timeframe has been extended so "spring ahead" will now occur on the second Sunday in March, with "fall back" on the first Sunday in November.

So, what's the big deal? Without the appropriate patches/updates, not only will your computer be out of sync with the time change, so also will the Sun Java Engine, your e-mail calendar program as well as any mobile devices.

As I indicated in the above-linked document, if you have Windows Vista or have Automatic Updates turned on, your computer and Outlook calendar (if you use it) should be updated. See that document also for information and instructions on using the tzedit.exe utility.
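The old and new rules described above can be turned into dates to show exactly when an unpatched clock is wrong. This is an added example, not code from this blog or from Microsoft: it computes both sets of transition dates for a year, the two windows in which a system still using the old rules is an hour off, and what happens when the clock was instead set ahead by hand. It works at whole-day granularity and ignores the 2 a.m. switch time; the function names are illustrative.

```python
"""Old versus new Daylight Saving Time rules, as described in the post."""
from datetime import date, timedelta

SUNDAY = 6  # date.weekday(): Monday is 0, Sunday is 6


def nth_sunday(year, month, n):
    """Date of the n-th Sunday (1-based) of the given month."""
    first = date(year, month, 1)
    offset = (SUNDAY - first.weekday()) % 7
    return first + timedelta(days=offset + 7 * (n - 1))


def last_sunday(year, month):
    """Date of the last Sunday of the given month."""
    # Step back from the first day of the following month.
    following = date(year + (month == 12), month % 12 + 1, 1)
    back = (following.weekday() - SUNDAY) % 7 or 7
    return following - timedelta(days=back)


def old_rules(year):
    """First Sunday in April to last Sunday in October."""
    return nth_sunday(year, 4, 1), last_sunday(year, 10)


def new_rules(year):
    """Second Sunday in March to first Sunday in November."""
    return nth_sunday(year, 3, 2), nth_sunday(year, 11, 1)


def mismatch_windows(year):
    """[start, end) date ranges in which old and new rules disagree."""
    old_start, old_end = old_rules(year)
    new_start, new_end = new_rules(year)
    return [(new_start, old_start), (old_end, new_end)]


def unpatched_error_hours(day):
    """Clock error of a system that still applies the old rules.

    In both windows the unpatched clock is one hour behind: in spring it
    has not yet moved ahead, in autumn it has already fallen back.
    """
    in_window = any(s <= day < e for s, e in mismatch_windows(day.year))
    return -1 if in_window else 0


def manual_fix_error_hours(day):
    """Clock error when the user set the clock ahead by hand instead.

    Assumption of this model: the user adds one hour on the new start date
    and leaves the system unpatched, so the old rule later adds a second
    hour on top of the manual one.
    """
    new_start, _ = new_rules(day.year)
    manual = 1 if day >= new_start else 0
    return unpatched_error_hours(day) + manual


if __name__ == "__main__":
    print("old rules 2007:", old_rules(2007))
    print("new rules 2007:", new_rules(2007))
    for start, end in mismatch_windows(2007):
        print(f"unpatched clock is off from {start} until {end}")
    print("manual fix, 2007-04-01:", manual_fix_error_hours(date(2007, 4, 1)))
```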